log-opslisted

# Log Operations Practical patterns for analyzing log files -- especially JSONL format used in agent conversation logs, benchmark outputs, and structured application logs. ## Log Format Decision Tree ``` Unknown Log File │ ├─ Is it one JSON object per line? │ ├─ Yes ──────────────────────── JSONL │ │ ├─ Small file (<100MB) │ │ │ └─ jq for extraction, jq -s for aggregation │ │ ├─ Large file (100MB-1GB) │ │ │ └─ rg prefilter then pipe to jq │ │ └─ Huge file (>1GB) │ │ └─ split + parallel jq, or jq --stream │ │ │ └─ No │ ├─ Is it one large JSON object/array? │ │ └─ Yes ──────────────── Single JSON │ │ └─ jq --stream for SAX-style, or jq directly if fits in memory │ │ │ ├─ Does it have key=value pairs? │ │ └─ Yes ──────────────── Structured (logfmt / key-value) │ │ └─ rg for search, awk/sd for extraction, angle-grinder for aggregation │ │ │ ├─ Does it follow syslog format? (timestamp hostname service[pid]: message) │ │ └─ Yes ──────────────── Syslog │ │ └─ rg for search, awk for column extraction, lnav for interactive │ │ │ ├─ Is it space/tab delimited with consistent columns? │ │ └─ Yes ──────────────── Column-based (access logs, CSV) │ │ └─ awk for extraction, mlr for CSV, rg for pattern search │ │ │ └─ Mixed or unstructured │ └─ Plain text ─────────── Freeform │ └─ rg for search, rg -A/-B for context, lnav for exploration ``` ## Prerequisites **Requ